General
- Target: d709aab9b049d7b936c554f5a1d640af0ce17e3ae3fdd7323cfa286718d609e4
- Size: 499KB
- Sample: 220521-ny9xpshean
- MD5: 7cffb5b96c7700c96356126f9650e764
- SHA1: 5fdc8b365e408155a10533c5937bec77f2a208a4
- SHA256: d709aab9b049d7b936c554f5a1d640af0ce17e3ae3fdd7323cfa286718d609e4
- SHA512: 6887a01fd377dcfa3d07e28438e218225804e687bd1cacefa002df2e1f1993e4b566b142a3e794cfd4d3270bccb95bdd91ca52223a7dfc781e7242b3b562b859
Static task: static1
Behavioral task: behavioral1
- Sample: Purchase Order Data Sheet.exe
- Resource: win7-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.scandinavian-collection.com
- Port: 587
- Username: may@scandinavian-collection.com
- Password: kR6d.DFet#7w
Targets
- Target: Purchase Order Data Sheet.exe
- Size: 651KB
- MD5: 26b9a6cee367f28b277d48ade4e64a7a
- SHA1: 09b1cbd4c0a7c9e77466a823f5e471cd041f6067
- SHA256: 723497bec220b3ef0d45c5134403fd2ba23eef0673707cf1e74166b06365d308
- SHA512: fe4de9e0c3fb24deb065442186094ccffc22003462a267d0de07feb5176659cb42874246db1c6f9b8d65895205594e00f23100ea208779a1235772c2c6c7aad1
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext